* [PATCH 1/2] mac80211: Don't memset RXCB prior to PAE intercept
[not found] <20190827224120.14545-1-denkenz@gmail.com>
@ 2019-08-27 22:41 ` Denis Kenzior
2019-08-27 22:41 ` [PATCH 2/2] mac80211: Correctly set noencrypt for PAE frames Denis Kenzior
1 sibling, 0 replies; 2+ messages in thread
From: Denis Kenzior @ 2019-08-27 22:41 UTC (permalink / raw)
To: linux-wireless; +Cc: Denis Kenzior, stable
In ieee80211_deliver_skb_to_local_stack intercepts EAPoL frames if
mac80211 is configured to do so and forwards the contents over nl80211.
During this process some additional data is also forwarded, including
whether the frame was received encrypted or not. Unfortunately just
prior to the call to ieee80211_deliver_skb_to_local_stack, skb->cb is
cleared, resulting in incorrect data being exposed over nl80211.
Fixes: 018f6fbf540d ("mac80211: Send control port frames over nl80211")
Cc: stable@vger.kernel.org
Signed-off-by: Denis Kenzior <denkenz@gmail.com>
---
net/mac80211/rx.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 3c1ab870fefe..7c4aeac006fb 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -2452,6 +2452,8 @@ static void ieee80211_deliver_skb_to_local_stack(struct sk_buff *skb,
cfg80211_rx_control_port(dev, skb, noencrypt);
dev_kfree_skb(skb);
} else {
+ memset(skb->cb, 0, sizeof(skb->cb));
+
/* deliver to local stack */
if (rx->napi)
napi_gro_receive(rx->napi, skb);
@@ -2546,8 +2548,6 @@ ieee80211_deliver_skb(struct ieee80211_rx_data *rx)
if (skb) {
skb->protocol = eth_type_trans(skb, dev);
- memset(skb->cb, 0, sizeof(skb->cb));
-
ieee80211_deliver_skb_to_local_stack(skb, rx);
}
--
2.19.2
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [PATCH 2/2] mac80211: Correctly set noencrypt for PAE frames
[not found] <20190827224120.14545-1-denkenz@gmail.com>
2019-08-27 22:41 ` [PATCH 1/2] mac80211: Don't memset RXCB prior to PAE intercept Denis Kenzior
@ 2019-08-27 22:41 ` Denis Kenzior
1 sibling, 0 replies; 2+ messages in thread
From: Denis Kenzior @ 2019-08-27 22:41 UTC (permalink / raw)
To: linux-wireless; +Cc: Denis Kenzior, stable
The noencrypt flag was intended to be set if the "frame was received
unencrypted" according to include/uapi/linux/nl80211.h. However, the
current behavior is opposite of this.
Cc: stable@vger.kernel.org
Fixes: 018f6fbf540d ("mac80211: Send control port frames over nl80211")
Signed-off-by: Denis Kenzior <denkenz@gmail.com>
---
net/mac80211/rx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 7c4aeac006fb..8514c1f4ca90 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -2447,7 +2447,7 @@ static void ieee80211_deliver_skb_to_local_stack(struct sk_buff *skb,
skb->protocol == cpu_to_be16(ETH_P_PREAUTH)) &&
sdata->control_port_over_nl80211)) {
struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
- bool noencrypt = status->flag & RX_FLAG_DECRYPTED;
+ bool noencrypt = (status->flag & RX_FLAG_DECRYPTED) == 0;
cfg80211_rx_control_port(dev, skb, noencrypt);
dev_kfree_skb(skb);
--
2.19.2
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-08-27 22:46 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <20190827224120.14545-1-denkenz@gmail.com>
2019-08-27 22:41 ` [PATCH 1/2] mac80211: Don't memset RXCB prior to PAE intercept Denis Kenzior
2019-08-27 22:41 ` [PATCH 2/2] mac80211: Correctly set noencrypt for PAE frames Denis Kenzior
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).